foreman_openscap 4.2.0 → 4.3.0

data/test/unit/oval_host_test.rb

@@ -0,0 +1,45 @@
+require 'test_plugin_helper'
+
+class OvalHostTest < ActiveSupport::TestCase
+  test 'should show oval policies in enc' do
+    setup_ansible
+
+    content = FactoryBot.create(:oval_content)
+    policy = FactoryBot.create(:oval_policy, :oval_content => content)
+    proxy = FactoryBot.create(:openscap_proxy)
+    host = FactoryBot.create(:oval_host, :ansible_roles => [@ansible_role], :openscap_proxy => proxy)
+    facet = FactoryBot.create(:oval_facet, :host => host, :oval_policies => [policy])
+
+    host_params = host.info["parameters"]
+    policies = JSON.parse(host_params[@config.policies_param])
+    assert_equal 1, policies.length
+    assert_equal policies.first["id"], policy.id
+
+    assert_equal host_params[@config.port_param], proxy.port.to_s
+    assert_equal host_params[@config.server_param], proxy.hostname
+  end
+
+  def setup_ansible
+    @config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
+    @ansible_role = FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+    @port_key = FactoryBot.create(
+      :ansible_variable,
+      :key => @config.port_param,
+      :ansible_role => @ansible_role,
+      :override => true
+    )
+    @server_key = FactoryBot.create(
+      :ansible_variable,
+      :key => @config.server_param,
+      :ansible_role => @ansible_role,
+      :override => true
+    )
+    @policies_param = FactoryBot.create(
+      :ansible_variable,
+      :key => @config.policies_param,
+      :ansible_role => @ansible_role,
+      :override => true,
+      :default_value => @config.policies_param_default_value
+    )
+  end
+end

data/test/unit/oval_policy_test.rb

@@ -0,0 +1,133 @@
+require 'test_plugin_helper'
+
+class OvalPolicyTest < ActiveSupport::TestCase
+  setup do
+    @oval_content = FactoryBot.create(:oval_content)
+  end
+
+  test "should not create OVAL policy with custom period" do
+    policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                             :period => 'custom',
+                                             :cron_line => 'aaa',
+                                             :oval_content => @oval_content)
+    refute policy.save
+    assert policy.errors[:cron_line].include?("does not consist of 5 parts separated by space")
+  end
+
+  test "should create OVAL policy with weekly period" do
+    policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                             :period => 'weekly',
+                                             :weekday => 'monday',
+                                             :oval_content => @oval_content)
+    assert policy.save
+  end
+
+  test "should not create OVAL policy with weekly period" do
+    policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                             :period => 'weekly',
+                                             :weekday => 'someday',
+                                             :oval_content => @oval_content)
+    refute policy.save
+    assert policy.errors[:weekday].include?("is not a valid value")
+  end
+
+  test "should create OVAL policy with monthly period" do
+    policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                             :period => 'monthly',
+                                             :day_of_month => '1',
+                                             :oval_content => @oval_content)
+    assert policy.save
+  end
+
+  test "should not create OVAL policy with monthly period" do
+    policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                             :period => 'monthly',
+                                             :day_of_month => '0',
+                                             :oval_content => @oval_content)
+    refute policy.save
+    assert policy.errors[:day_of_month].include?("must be between 1 and 31")
+  end
+
+  test "should not create OVAL policy when attributes do not correspond to selected period in new record" do
+    policy_0 = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                               :period => 'monthly',
+                                               :weekday => 'tuesday',
+                                               :cron_line => "0 0 0 0 0",
+                                               :oval_content => @oval_content)
+    policy_1 = ForemanOpenscap::OvalPolicy.new(:name => "test policy",
+                                               :period => 'custom',
+                                               :weekday => 'tuesday',
+                                               :day_of_month => "15",
+                                               :oval_content => @oval_content)
+    refute policy_0.save
+    refute policy_1.save
+  end
+
+  test "should update OVAL policy period" do
+    policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                             :period => 'monthly',
+                                             :day_of_month => '5',
+                                             :oval_content => @oval_content)
+    assert policy.save
+    policy.period = 'weekly'
+    policy.weekday = 'monday'
+    policy.day_of_month = nil
+    assert policy.save
+  end
+
+  test "should add and remove hosts for OVAL policy" do
+    host = FactoryBot.create(:oval_host)
+    policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                             :period => 'monthly',
+                                             :day_of_month => '5',
+                                             :host_ids => [host.id],
+                                             :oval_content => @oval_content)
+
+    assert policy.save
+    assert policy.reload.hosts.include?(host)
+
+    policy.host_ids = []
+    assert policy.save
+    refute policy.reload.hosts.include?(host)
+  end
+
+  test "should add and remove hostgroups for OVAL policy" do
+    hostgroup = FactoryBot.create(:hostgroup)
+    policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                             :period => 'monthly',
+                                             :day_of_month => '5',
+                                             :hostgroup_ids => [hostgroup.id],
+                                             :oval_content => @oval_content)
+    assert policy.save
+    assert policy.reload.hostgroups.include?(hostgroup)
+
+    policy.hostgroup_ids = []
+    assert policy.save
+    refute policy.reload.hostgroups.include?(hostgroup)
+  end
+
+  test "should add and remove inherited OVAL policy" do
+    hostgroup = FactoryBot.create(:hostgroup)
+    host = FactoryBot.create(:oval_host, :hostgroup => hostgroup)
+    policy_1 = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+                                               :period => 'monthly',
+                                               :day_of_month => '5',
+                                               :hostgroup_ids => [hostgroup.id],
+                                               :oval_content => @oval_content)
+    policy_2 = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy_again",
+                                               :period => 'monthly',
+                                               :day_of_month => '6',
+                                               :host_ids => [host.id],
+                                               :oval_content => @oval_content)
+    assert policy_1.save
+    assert policy_2.save
+
+    assert host.reload.combined_oval_policies.include?(policy_1)
+    assert host.combined_oval_policies.include?(policy_2)
+
+    policy_1.hostgroup_ids = []
+    assert policy_1.save
+    refute host.reload.combined_oval_policies.include?(policy_1)
+    assert host.combined_oval_policies.include?(policy_2)
+  end
+end

data/test/unit/oval_status_test.rb

@@ -0,0 +1,47 @@
+require 'test_plugin_helper'
+
+class OvalStatusTest < ActiveSupport::TestCase
+  setup do
+    @policy = FactoryBot.create(:oval_policy, :oval_content => FactoryBot.create(:oval_content))
+  end
+
+  test 'should have no vulnerabilities' do
+    host = FactoryBot.create(:oval_host)
+    FactoryBot.create(:oval_facet, :host => host, :oval_policies => [@policy])
+
+    status = ForemanOpenscap::OvalStatus.new
+    status.host = host
+    assert_equal 0, status.to_status
+    assert_equal ::HostStatus::Global::OK, status.to_global
+    assert status.relevant?
+  end
+
+  test 'should have vulnerabilities with available patch' do
+    host = FactoryBot.create(:oval_host, :cves => [FactoryBot.create(:cve, :has_errata => false), FactoryBot.create(:cve, :has_errata => true)])
+    FactoryBot.create(:oval_facet, :host => host, :oval_policies => [@policy])
+
+    status = ForemanOpenscap::OvalStatus.new
+    status.host = host
+    assert_equal 2, status.to_status
+    assert_equal ::HostStatus::Global::ERROR, status.to_global
+    assert status.relevant?
+  end
+
+  test 'should have vulnerabilities without available patch' do
+    host = FactoryBot.create(:oval_host, :cves => [FactoryBot.create(:cve, :has_errata => false), FactoryBot.create(:cve, :has_errata => false)])
+    FactoryBot.create(:oval_facet, :host => host, :oval_policies => [@policy])
+
+    status = ForemanOpenscap::OvalStatus.new
+    status.host = host
+    assert_equal 1, status.to_status
+    assert_equal ::HostStatus::Global::WARN, status.to_global
+    assert status.relevant?
+  end
+
+  test 'should not be relevant without oval policy' do
+    host = FactoryBot.create(:oval_host, :cves => [FactoryBot.create(:cve)])
+    status = ForemanOpenscap::OvalStatus.new
+    status.host = host
+    refute status.relevant?
+  end
+end

data/test/unit/services/oval/cves_test.rb

@@ -0,0 +1,81 @@
+require 'test_plugin_helper'
+
+class ForemanOpenscap::Oval::CvesTest < ActiveSupport::TestCase
+  setup do
+    @fxs = ForemanOpenscap::CveFixtures.new
+    @instance = ForemanOpenscap::Oval::Cves.new
+  end
+
+  test "should add CVEs to host" do
+    oval_data = create_cve_data @fxs.one
+    host = FactoryBot.create(:host)
+    assert_empty host.cves
+    @instance.create host, oval_data
+    refute_empty host.cves
+
+    assert_equal host.cves, host.cves.distinct
+  end
+
+  test "should filter out CVEs that do not affect the host" do
+    oval_data = create_cve_data @fxs.two
+    host = FactoryBot.create(:host)
+    assert_empty host.cves
+    @instance.create host, oval_data
+    refute_empty host.cves
+
+    assert_equal host.cves, ForemanOpenscap::Cve.where(:ref_id => @fxs.ids_from(@fxs.res_two))
+  end
+
+  test "should update host with a new set of CVEs" do
+    oval_data = create_cve_data @fxs.one
+    host = FactoryBot.create(:host)
+    assert_empty host.cves
+    @instance.create host, oval_data
+    refute_empty host.cves
+
+    cve_ids_before = host.reload.cve_ids
+    new_oval_data = create_cve_data @fxs.two
+    @instance.create host, new_oval_data
+
+    refute_equal host.reload.cve_ids, cve_ids_before
+    assert_equal host.cves, ForemanOpenscap::Cve.where(:ref_id => @fxs.ids_from(@fxs.res_two))
+
+    @fxs.ids_from(@fxs.res_three).map do |ref_id|
+      refute ForemanOpenscap::Cve.find_by :ref_id => ref_id
+    end
+  end
+
+  test "should not delete CVEs associated to another host" do
+    oval_data = create_cve_data @fxs.one
+    host = FactoryBot.create(:host)
+    @instance.create host, oval_data
+    refute_empty host.cves
+
+    cves_before = host.reload.cves
+
+    oval_data_2 = create_cve_data @fxs.two
+    host_2 = FactoryBot.create(:host)
+    @instance.create host_2, oval_data_2
+
+    assert_equal host.reload.cves, cves_before
+  end
+
+  test "should not delete CVEs associated to another policy" do
+    oval_data = create_cve_data [@fxs.res_three]
+    host = FactoryBot.create(:host)
+    assert_empty host.cves
+    @instance.create host, oval_data
+    refute_empty host.cves
+
+    cve_ids_before = host.reload.cve_ids
+    new_oval_data = create_cve_data [@fxs.res_four], 2
+    @instance.create host, new_oval_data
+
+    refute_equal host.reload.cve_ids, cve_ids_before
+    assert_equal host.cves, ForemanOpenscap::Cve.where(:ref_id => @fxs.ids_from(@fxs.res_three).concat(@fxs.ids_from(@fxs.res_four)))
+  end
+
+  def create_cve_data(fixture, policy_id = 1)
+    { 'oval_results' => fixture, 'oval_policy_id' => policy_id }
+  end
+end

data/test/unit/services/oval/setup_test.rb

@@ -0,0 +1,87 @@
+require 'test_plugin_helper'
+
+class ForemanOpenscap::Oval::SetupTest < ActiveSupport::TestCase
+  setup do
+    @config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
+  end
+
+  test "should fail check when Ansible not available" do
+    ForemanOpenscap::ClientConfig::Ansible.any_instance.stubs(:available?).returns(false)
+
+    check_collection = ForemanOpenscap::Oval::Setup.new.run
+    assert check_collection.find_check(:foreman_ansible_present).failed?
+    assert check_collection.checks.reject { |res| res.id == :foreman_ansible_present }.all?(&:skipped?)
+  end
+
+  test "should fail check when Ansible role for client not imported" do
+    ForemanOpenscap::ClientConfig::Ansible.any_instance.stubs(:find_config_item).returns(nil)
+
+    check_collection = ForemanOpenscap::Oval::Setup.new.run
+    assert check_collection.find_check(:foreman_ansible_present).passed?
+    assert check_collection.find_check(:foreman_scap_client_role_present).failed?
+
+    assert check_collection.checks
+                           .select { |res| res.id != :foreman_ansible_present && res.id != :foreman_scap_client_role_present }
+                           .all?(&:skipped?)
+  end
+
+  test "should fail check when required Ansible variables are not imported" do
+    FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+    check_collection = ForemanOpenscap::Oval::Setup.new.run
+    assert check_collection.find_check(:foreman_ansible_present).passed?
+    assert check_collection.find_check(:foreman_scap_client_role_present).passed?
+
+    res = check_collection.find_check(:foreman_scap_client_vars_present)
+    assert res.failed?
+    msg = "The following Ansible Variables were not found: foreman_scap_client_oval_policies, foreman_scap_client_port, foreman_scap_client_server, please import them before running this action again."
+    assert res.fail_msg, msg
+    assert override_results(check_collection.checks).all?(&:skipped?)
+  end
+
+  test "should fail check when fails to override a variable" do
+    role = FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+    FactoryBot.create(:ansible_variable, :key => @config.port_param, :ansible_role => role)
+    FactoryBot.create(:ansible_variable, :key => @config.server_param, :ansible_role => role)
+    FactoryBot.create(:ansible_variable, :key => @config.policies_param, :ansible_role => role)
+    AnsibleVariable.any_instance.stubs(:save).returns(false)
+    AnsibleVariable.any_instance.stubs(:changed?).returns(true)
+    check_collection = ForemanOpenscap::Oval::Setup.new.run
+    assert check_collection.find_check(:foreman_ansible_present).passed?
+    assert check_collection.find_check(:foreman_scap_client_role_present).passed?
+    assert check_collection.find_check(:foreman_scap_client_vars_present).passed?
+    assert override_results(check_collection.checks).all?(&:failed?)
+  end
+
+  test "should pass all checks" do
+    role = FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+    port_param = FactoryBot.create(:ansible_variable, :key => @config.port_param, :ansible_role => role)
+    server_param = FactoryBot.create(:ansible_variable, :key => @config.server_param, :ansible_role => role)
+    policies_param = FactoryBot.create(:ansible_variable, :key => @config.policies_param, :ansible_role => role)
+    check_collection = ForemanOpenscap::Oval::Setup.new.run
+
+    [policies_param, port_param, server_param].map(&:reload)
+
+    assert check_collection.all_passed?
+
+    assert @config.policies_param_default_value, policies_param.default_value
+    assert_equal 'array', policies_param.key_type
+    refute policies_param.hidden_value?
+    assert policies_param.override
+
+    refute port_param.value
+    assert_equal 'integer', port_param.key_type
+    assert port_param.override
+
+    refute server_param.hidden_value?
+    assert_equal 'string', server_param.key_type
+    assert server_param.override
+  end
+
+  def override_results(checks)
+    checks.select do |res|
+      res.id == :foreman_scap_client_server_overriden ||
+      res.id == :foreman_scap_client_port_overriden ||
+      res.id == :foreman_scap_client_policies_overriden
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_openscap
 version: !ruby/object:Gem::Version
-  version: 4.2.0
+  version: 4.3.0
 platform: ruby
 authors:
 - slukasik@redhat.com
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-24 00:00:00.000000000 Z
+date: 2021-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -45,6 +45,9 @@ files:
 - app/assets/stylesheets/foreman_openscap/reports.css
 - app/assets/stylesheets/foreman_openscap/scap_breakdown_chart.css
 - app/controllers/api/v2/compliance/arf_reports_controller.rb
+- app/controllers/api/v2/compliance/oval_contents_controller.rb
+- app/controllers/api/v2/compliance/oval_policies_controller.rb
+- app/controllers/api/v2/compliance/oval_reports_controller.rb
 - app/controllers/api/v2/compliance/policies_controller.rb
 - app/controllers/api/v2/compliance/scap_content_profiles_controller.rb
 - app/controllers/api/v2/compliance/scap_contents_controller.rb
@@ -52,6 +55,8 @@ files:
 - app/controllers/arf_reports_controller.rb
 - app/controllers/compliance_dashboard_controller.rb
 - app/controllers/compliance_hosts_controller.rb
+- app/controllers/concerns/foreman/controller/parameters/oval_content.rb
+- app/controllers/concerns/foreman/controller/parameters/oval_policy.rb
 - app/controllers/concerns/foreman/controller/parameters/policy.rb
 - app/controllers/concerns/foreman/controller/parameters/policy_api.rb
 - app/controllers/concerns/foreman/controller/parameters/scap_content.rb
@@ -67,6 +72,9 @@ files:
 - app/controllers/policy_dashboard_controller.rb
 - app/controllers/scap_contents_controller.rb
 - app/controllers/tailoring_files_controller.rb
+- app/graphql/types/cve.rb
+- app/graphql/types/oval_content.rb
+- app/graphql/types/oval_policy.rb
 - app/helpers/arf_report_dashboard_helper.rb
 - app/helpers/arf_reports_helper.rb
 - app/helpers/compliance_dashboard_helper.rb
@@ -84,14 +92,28 @@ files:
 - app/models/concerns/foreman_openscap/data_stream_content.rb
 - app/models/concerns/foreman_openscap/host_extensions.rb
 - app/models/concerns/foreman_openscap/hostgroup_extensions.rb
+- app/models/concerns/foreman_openscap/inherited_policies.rb
 - app/models/concerns/foreman_openscap/log_extensions.rb
 - app/models/concerns/foreman_openscap/openscap_proxy_core_extensions.rb
 - app/models/concerns/foreman_openscap/openscap_proxy_extensions.rb
+- app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb
+- app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb
+- app/models/concerns/foreman_openscap/policy_common.rb
+- app/models/concerns/foreman_openscap/scap_file_content.rb
 - app/models/concerns/foreman_openscap/smart_proxy_extensions.rb
 - app/models/foreman_openscap/arf_report.rb
 - app/models/foreman_openscap/asset.rb
 - app/models/foreman_openscap/asset_policy.rb
 - app/models/foreman_openscap/compliance_status.rb
+- app/models/foreman_openscap/cve.rb
+- app/models/foreman_openscap/host/oval_facet.rb
+- app/models/foreman_openscap/host_cve.rb
+- app/models/foreman_openscap/hostgroup/oval_facet.rb
+- app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb
+- app/models/foreman_openscap/oval_content.rb
+- app/models/foreman_openscap/oval_facet_oval_policy.rb
+- app/models/foreman_openscap/oval_policy.rb
+- app/models/foreman_openscap/oval_status.rb
 - app/models/foreman_openscap/policy.rb
 - app/models/foreman_openscap/policy_arf_report.rb
 - app/models/foreman_openscap/policy_revision.rb
@@ -106,9 +128,17 @@ files:
 - app/services/foreman_openscap/config_name_service.rb
 - app/services/foreman_openscap/host_report_dashboard/data.rb
 - app/services/foreman_openscap/hostgroup_overrider.rb
+- app/services/foreman_openscap/hostgroup_overrider_common.rb
 - app/services/foreman_openscap/lookup_key_overrider.rb
+- app/services/foreman_openscap/lookup_key_overrides_common.rb
 - app/services/foreman_openscap/openscap_proxy_assigned_version_check.rb
 - app/services/foreman_openscap/openscap_proxy_version_check.rb
+- app/services/foreman_openscap/oval/check_collection.rb
+- app/services/foreman_openscap/oval/configure.rb
+- app/services/foreman_openscap/oval/cves.rb
+- app/services/foreman_openscap/oval/setup.rb
+- app/services/foreman_openscap/oval/setup_check.rb
+- app/services/foreman_openscap/oval/sync_oval_contents.rb
 - app/services/foreman_openscap/policy_dashboard/data.rb
 - app/services/foreman_openscap/report_dashboard/data.rb
 - app/services/proxy_status/openscap_spool.rb
@@ -120,12 +150,24 @@ files:
 - app/views/api/v2/compliance/arf_reports/show.json.rabl
 - app/views/api/v2/compliance/common/_loc.json.rabl
 - app/views/api/v2/compliance/common/_org.json.rabl
+- app/views/api/v2/compliance/oval_contents/base.json.rabl
+- app/views/api/v2/compliance/oval_contents/create.json.rabl
+- app/views/api/v2/compliance/oval_contents/index.json.rabl
+- app/views/api/v2/compliance/oval_contents/show.json.rabl
+- app/views/api/v2/compliance/oval_contents/sync.json.rabl
+- app/views/api/v2/compliance/oval_contents/sync_result.json.rabl
+- app/views/api/v2/compliance/oval_contents/update.json.rabl
+- app/views/api/v2/compliance/oval_policies/create.json.rabl
+- app/views/api/v2/compliance/oval_policies/index.json.rabl
+- app/views/api/v2/compliance/oval_policies/main.json.rabl
+- app/views/api/v2/compliance/oval_policies/show.json.rabl
 - app/views/api/v2/compliance/policies/base.json.rabl
 - app/views/api/v2/compliance/policies/children.json.rabl
 - app/views/api/v2/compliance/policies/create.json.rabl
 - app/views/api/v2/compliance/policies/index.json.rabl
 - app/views/api/v2/compliance/policies/main.json.rabl
 - app/views/api/v2/compliance/policies/show.json.rabl
+- app/views/api/v2/compliance/policies_common/_attrs.json.rabl
 - app/views/api/v2/compliance/scap_content_profiles/base.json.rabl
 - app/views/api/v2/compliance/scap_content_profiles/index.json.rabl
 - app/views/api/v2/compliance/scap_content_profiles/main.json.rabl
@@ -161,6 +203,7 @@ files:
 - app/views/foreman_openscap/policy_mailer/policy_summary.erb
 - app/views/hosts/select_multiple_openscap_proxy.html.erb
 - app/views/job_templates/run_openscap_scans.erb
+- app/views/job_templates/run_oval_scans.erb
 - app/views/policies/_form.html.erb
 - app/views/policies/_list.html.erb
 - app/views/policies/_scap_content_results.html.erb
@@ -199,6 +242,7 @@ files:
 - app/views/tailoring_files/index.html.erb
 - app/views/tailoring_files/new.html.erb
 - app/views/tailoring_files/welcome.html.erb
+- config/initializers/inflections.rb
 - config/routes.rb
 - db/migrate/20141013172051_create_scaptimony_policies.rb
 - db/migrate/20141014105333_create_scaptimony_assets.rb
@@ -246,7 +290,16 @@ files:
 - db/migrate/20190103093409_add_deployment_option_to_policy.foreman_openscap.rb
 - db/migrate/20200117135424_migrate_port_overrides_to_int.rb
 - db/migrate/20200803065041_migrate_port_overrides_for_ansible.rb
+- db/migrate/20201019074925_create_oval_policy.rb
+- db/migrate/20201020113801_create_oval_facet.rb
+- db/migrate/20201021084109_create_hostgroup_oval_facet.rb
+- db/migrate/20201106080924_create_oval_content.rb
+- db/migrate/20201116110256_add_oval_content_to_oval_policy.rb
+- db/migrate/20201120080329_create_cves.rb
 - db/migrate/20201202110213_update_puppet_port_param_type.rb
+- db/migrate/20201217130800_add_has_errata_to_cve.rb
+- db/migrate/20201217161511_add_url_to_oval_content.rb
+- db/migrate/20210409095625_add_oval_policy_reference_to_cve.rb
 - db/seeds.d/75-job_templates.rb
 - db/seeds.d/openscap_feature.rb
 - db/seeds.d/openscap_policy_notification.rb
@@ -261,37 +314,52 @@ files:
 - locale/Makefile
 - locale/action_names.rb
 - locale/de/LC_MESSAGES/foreman_openscap.mo
+- locale/de/foreman_openscap.edit.po
 - locale/de/foreman_openscap.po
 - locale/en_GB/LC_MESSAGES/foreman_openscap.mo
+- locale/en_GB/foreman_openscap.edit.po
 - locale/en_GB/foreman_openscap.po
 - locale/es/LC_MESSAGES/foreman_openscap.mo
+- locale/es/foreman_openscap.edit.po
 - locale/es/foreman_openscap.po
 - locale/foreman_openscap.pot
 - locale/fr/LC_MESSAGES/foreman_openscap.mo
+- locale/fr/foreman_openscap.edit.po
 - locale/fr/foreman_openscap.po
 - locale/gl/LC_MESSAGES/foreman_openscap.mo
+- locale/gl/foreman_openscap.edit.po
 - locale/gl/foreman_openscap.po
 - locale/it/LC_MESSAGES/foreman_openscap.mo
+- locale/it/foreman_openscap.edit.po
 - locale/it/foreman_openscap.po
 - locale/ja/LC_MESSAGES/foreman_openscap.mo
+- locale/ja/foreman_openscap.edit.po
 - locale/ja/foreman_openscap.po
 - locale/ko/LC_MESSAGES/foreman_openscap.mo
+- locale/ko/foreman_openscap.edit.po
 - locale/ko/foreman_openscap.po
 - locale/pt_BR/LC_MESSAGES/foreman_openscap.mo
+- locale/pt_BR/foreman_openscap.edit.po
 - locale/pt_BR/foreman_openscap.po
 - locale/ru/LC_MESSAGES/foreman_openscap.mo
+- locale/ru/foreman_openscap.edit.po
 - locale/ru/foreman_openscap.po
 - locale/sv_SE/LC_MESSAGES/foreman_openscap.mo
+- locale/sv_SE/foreman_openscap.edit.po
 - locale/sv_SE/foreman_openscap.po
 - locale/zanata.xml
 - locale/zh_CN/LC_MESSAGES/foreman_openscap.mo
+- locale/zh_CN/foreman_openscap.edit.po
 - locale/zh_CN/foreman_openscap.po
 - locale/zh_TW/LC_MESSAGES/foreman_openscap.mo
+- locale/zh_TW/foreman_openscap.edit.po
 - locale/zh_TW/foreman_openscap.po
 - test/factories/arf_report_factory.rb
 - test/factories/asset_factory.rb
 - test/factories/compliance_host_factory.rb
 - test/factories/compliance_log_factory.rb
+- test/factories/oval_content_factory.rb
+- test/factories/oval_policy_factory.rb
 - test/factories/policy_arf_report_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
@@ -300,10 +368,15 @@ files:
 - test/files/arf_report/arf_report.json
 - test/files/arf_report/arf_report_msg_desc_changed.json
 - test/files/arf_report/arf_report_msg_value_changed.json
+- test/files/oval_contents/ansible-2.9.oval.xml.bz2
 - test/files/scap_contents/ssg-fedora-ds.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring-2.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring.xml
+- test/fixtures/cve_fixtures.rb
 - test/functional/api/v2/compliance/arf_reports_controller_test.rb
+- test/functional/api/v2/compliance/oval_contents_controller_test.rb
+- test/functional/api/v2/compliance/oval_policies_controller_test.rb
+- test/functional/api/v2/compliance/oval_reports_controller_test.rb
 - test/functional/api/v2/compliance/policies_controller_test.rb
 - test/functional/api/v2/compliance/scap_content_profiles_controller_test.rb
 - test/functional/api/v2/compliance/scap_contents_controller_test.rb
@@ -312,6 +385,8 @@ files:
 - test/functional/arf_reports_controller_test.rb
 - test/functional/openscap_proxies_controller_test.rb
 - test/functional/tailoring_files_controller_test.rb
+- test/graphql/queries/oval_contents_query_test.rb
+- test/graphql/queries/oval_policies_query_test.rb
 - test/helpers/arf_report_dashboard_helper_test.rb
 - test/helpers/policy_dashboard_helper_test.rb
 - test/lib/foreman_openscap/bulk_upload_test.rb
@@ -323,12 +398,17 @@ files:
 - test/unit/concerns/openscap_proxy_extenstions_test.rb
 - test/unit/message_cleaner_test.rb
 - test/unit/openscap_host_test.rb
+- test/unit/oval_host_test.rb
+- test/unit/oval_policy_test.rb
+- test/unit/oval_status_test.rb
 - test/unit/policy_mailer_test.rb
 - test/unit/policy_test.rb
 - test/unit/scap_content_test.rb
 - test/unit/services/config_name_service_test.rb
 - test/unit/services/hostgroup_overrider_test.rb
 - test/unit/services/lookup_key_overrider_test.rb
+- test/unit/services/oval/cves_test.rb
+- test/unit/services/oval/setup_test.rb
 - test/unit/services/report_dashboard/data_test.rb
 - test/unit/services/tailoring_files_proxy_check_test.rb
 - test/unit/tailoring_file_test.rb
@@ -358,11 +438,13 @@ summary: Foreman plug-in for displaying OpenSCAP audit reports
 test_files:
 - test/factories/arf_report_factory.rb
 - test/factories/asset_factory.rb
-- test/factories/compliance_host_factory.rb
 - test/factories/policy_arf_report_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
 - test/factories/compliance_log_factory.rb
+- test/factories/compliance_host_factory.rb
+- test/factories/oval_content_factory.rb
+- test/factories/oval_policy_factory.rb
 - test/files/arf_report/arf_report.bz2
 - test/files/arf_report/arf_report.html
 - test/files/arf_report/arf_report.json
@@ -371,11 +453,15 @@ test_files:
 - test/files/scap_contents/ssg-fedora-ds.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring-2.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring.xml
+- test/files/oval_contents/ansible-2.9.oval.xml.bz2
 - test/functional/api/v2/compliance/policies_controller_test.rb
 - test/functional/api/v2/compliance/scap_content_profiles_controller_test.rb
 - test/functional/api/v2/compliance/scap_contents_controller_test.rb
 - test/functional/api/v2/compliance/tailoring_files_controller_test.rb
 - test/functional/api/v2/compliance/arf_reports_controller_test.rb
+- test/functional/api/v2/compliance/oval_contents_controller_test.rb
+- test/functional/api/v2/compliance/oval_policies_controller_test.rb
+- test/functional/api/v2/compliance/oval_reports_controller_test.rb
 - test/functional/api/v2/hosts_controller_test.rb
 - test/functional/arf_reports_controller_test.rb
 - test/functional/openscap_proxies_controller_test.rb
@@ -397,6 +483,14 @@ test_files:
 - test/unit/services/lookup_key_overrider_test.rb
 - test/unit/services/report_dashboard/data_test.rb
 - test/unit/services/tailoring_files_proxy_check_test.rb
+- test/unit/services/oval/cves_test.rb
+- test/unit/services/oval/setup_test.rb
 - test/unit/tailoring_file_test.rb
 - test/unit/policy_test.rb
+- test/unit/oval_host_test.rb
+- test/unit/oval_policy_test.rb
+- test/unit/oval_status_test.rb
+- test/fixtures/cve_fixtures.rb
+- test/graphql/queries/oval_contents_query_test.rb
+- test/graphql/queries/oval_policies_query_test.rb
 - test/test_plugin_helper.rb